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DETAILED ACTION 
Drawings 

1 . The drawings are objected to under 37 CFR 1 .83(a). The drawings must show 
every feature of the invention specified in the claims. Therefore, the "a first data 
structure" and "a second data structure" must be shown or the feature(s) canceled from 
the claim(s). No new matter should be entered. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the immediate 
prior version of the sheet, even if only one figure is being amended. The figure or figure 
number of an amended drawing should not be labeled as "amended." If a drawing figure 
is to be canceled, the appropriate figure must be removed from the replacement sheet, 
and where necessary, the remaining figures must be renumbered and appropriate 
changes made to the brief description of the several views of the drawings for 
consistency. Additional replacement sheets may be necessary to show the renumbering 
of the remaining figures. Each drawing sheet submitted after the filing date of an 
application must be labeled in the top margin as either "Replacement Sheet" or "New 
Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted, by the examiner, 
the applicant will be notified and informed of any required corrective action in the next 
Office action. The objection to the drawings will not be held in abeyance. 
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Specification 

2. The disclosure is objected to because of the following informalities: Some of the 
informalities are: a brief summary or general statement of the invention as set forth in 37 
CFR 1 .73; the claim or claims must commence on separate sheet or electronic page (37 
CFR 1 .52(b)(3)). The spacing of the lines of the specification is such as to make 
reading difficult. New application papers with lines VA or double spaced on good 
quality paper are required. The Examiner suggests to the applicant to review the 
specification in light of the complete list of content of specification given below. 

Content of Specification 



(a) Title of the Invention : See 37 CFR 1 .72(a) and MPEP § 606. The title of 
the invention should be placed at the top of the first page of the 
specification unless the title is provided in an application data sheet. The 
title of the invention should be brief but technically accurate and 
descriptive, preferably from two to seven words may not contain more 
than 500 characters. 

(b) Cross-References to Related Applications : See 37 CFR 1 .78 and MPEP 
§201.11. 

(c) Statement Regarding Federally Sponsored Research and Development : 
See MPEP §310. 

(d) The Names Of The Parties To A Joint Research Agreement : See 37 CFR 
1.71(g). 

(e) Incorporation-Bv-Reference Of Material Submitted On a Compact Disc: 
The specification is required to include an incorporation-by-reference of 
electronic documents that are to become part of the permanent United 
States Patent and Trademark Office records in the file of a patent 
application. See 37 CFR 1.52(e) and MPEP § 608.05. Computer 
program listings (37 CFR 1.96(c)), "Sequence Listings" (37 CFR 1.821(c)), 
and tables having more than 50 pages of text were permitted as electronic 
documents on compact discs beginning on September 8, 2000. 
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(f) Background of the Invention : See MPEP § 608.01(c). The specification 
should set forth the Background of the Invention in two parts: 

(1 ) Field of the Invention : A statement of the field of art to which the 
invention pertains. This statement may include a paraphrasing of 
the applicable U.S. patent classification definitions of the subject 
matter of the claimed invention. This item may also be titled 
"Technical Field." 

(2) Description of the Related Art including information disclosed under 
37 CFR 1 .97 and 37 CFR 1 .98 : A description of the related art 
known to the applicant and including, if applicable, references to 
specific related art and problems involved in the prior art which are 
solved by the applicant's invention. This item may also be titled 
"Background Art." 

(g) Brief Summary of the Invention : See MPEP § 608.01 (d). A brief summary 
or general statement of the invention as set forth in 37 CFR 1 .73. The 
summary is separate and distinct from the abstract and is directed toward 
the invention rather than the disclosure as a whole. The summary may 
point out the advantages of the invention or how it solves problems 
previously existent in the prior art (and preferably indicated in the 
Background of the Invention). In chemical cases it should point out in 
general terms the utility of the invention. If possible, the nature and gist of 
the invention or the inventive concept should be set forth. Objects of the 
invention should be treated briefly and only to the extent that they 
contribute to an understanding of the invention. 

(h) Brief Description of the Several Views of the Drawing(s) : See MPEP § 
608.01 (f). A reference to and brief description of the drawing(s) as set 
forth in 37 CFR 1.74. 

(i) Detailed Description of the Invention : See MPEP § 608.01(g). A 
description of the preferred embodiment(s) of the invention as required in 
37 CFR 1 .71 . The description should be as short and specific as is 
necessary to describe the invention adequately and accurately. Where 
elements or groups of elements, compounds, and processes, which are 
conventional and generally widely known in the field of the invention 
described and their exact nature or type is not necessary for an 
understanding and use of the invention by a person skilled in the art, they 
should not be described in detail. However, where particularly 
complicated subject matter is involved or where the elements, 
compounds, or processes may not be commonly or widely known in the 
field, the specification should refer to another patent or readily available 
publication which adequately describes the subject matter. 
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(j) Claim or Claims : See 37 CFR 1.75 and MPEP § 608.01 (m). The claim or 
claims must commence on separate sheet or electronic page (37 CFR 
1 .52(b)(3)). Where a claim sets forth a plurality of elements or steps, each 
element or step of the claim should be separated by a line indentation. 
There may be plural indentations to further segregate subcombinations or 
related steps. See 37 CFR 1.75 and MPEP § 608.01 (i)-(p). 

(k) Abstract of the Disclosure : See MPEP § 608.01 (f). A brief narrative of the 
disclosure as a whole in a single paragraph of 150 words or less 
commencing on a separate sheet following the claims. In an international 
application which has entered the national stage (37 CFR 1 .491(b)), the 
applicant need not submit an abstract commencing on a separate sheet if 
an abstract was published with the international application under PCT 
Article 21 . The abstract that appears on the cover page of the pamphlet 
published by the International Bureau (IB) of the World Intellectual 
Property Organization (WIPO) is the abstract that will be used by the 
USPTO. See MPEP § 1893.03(e). 

(I) Sequence Listing, See 37 CFR 1.821-1.825 and MPEP §§ 2421-2431. 
The requirement for a sequence listing applies to all sequences disclosed 
in a given application, whether the sequences are claimed or not. See 
MPEP §2421.02. 



Claim Objections 

3. Claims 5-14, 17-28 and 31-38 are objected to under 37 CFR 1.75(c) as being in 
improper form because a multiple dependent claim should refer to other claims in the 
alternative only. See MPEP § 608.01 (n). Accordingly, the claims have not been further 
treated on the merits. 



Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 
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5. Claims 15-28 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. The detailed description of the specification 
does not describe a logic encoded in media. 

6. Claim 16 recites the limitation "the change" in line 4. There is insufficient 
antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

8. Claims 15-28 are directed to non-statutory subject matter. Claims 15-16 recite 
logic encoded in media" applicant has not specifically defined a media in the 
specification. A media could be interpreted consistent with the specification as paper or 
any other media. The claims should be amended to specify that the program stored in a 
computer readable media. 

9. Claims 17-28 are rejected for being dependent on the rejected base claims. 



Claim Rejections - 35 USC § 102 
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10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

11. Claims 1-4 and 15-16 and 29-30 are rejected under 35 U.S.C. 102(e) as being 
anticipated by McClure et al. (hereinafter McClure) US Patent Number 7,152,105. 
As per claims 1,15 and 29: 

McClure teaches a system for real-time vulnerability assessment of a 
host/device, said system comprising: 

an agent running on the host/device, (figure 1, item 102) said agent comprising: 

a first data structure for storing the status of interfaces and ports on the 
interfaces of the host/device, an executable agent module coupled to the first data 
structure to track the status of interfaces and ports on the interfaces of the host/device 
and to store the information, as entries in said first data structure, said executable agent 
module to compare the entries to determine a change in the status of interfaces and/or 
of ports on the interfaces of the host/device, (figure 3, col. 6, line 59-col. 8, line 8; col. 
13, line 10-col. 15, line 40) 

a remote destination server, (figure 1, item 100) said destination server 
comprising, a second data structure for storing the status of interfaces and the ports on 
the interfaces of the host/device, an executable server module coupled to the second 
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data structure to receive the information communicated by the agent executable module 
of the agent on the host/device, said executable server module to store the received 
information as entries in the second data structure wherein the entries indicate the state 
of each of the ports on each of the active interfaces of the host/device as received, said 
executable server module to compare the entries in said data structures to determine 
the change in the status of interfaces and ports on the interfaces of the host/device, and 
said executable server module to run vulnerability assessment tests on the host/device 
in the event of a change in the status of interface/ports, (col. 6, line 59-col. 8, line 8; col. 
12. lines 30-64; col. 31, line 2-col. 32, line 37; col. 36, lines 3-26; col. 59, lines 4-33) 
As per claim 2: 

McClure teaches all the subject matter as discussed above. In addition, McClure 
further discloses a system of comprising: an executable server module coupled to a 
second data structure to receive and update the vulnerability data in the destination 
server used by the server for vulnerability tests, whenever new vulnerabilities are 
discovered, and said executable server module coupled to the second data structure to 
test the host/device for the new vulnerabilities whenever the vulnerability database is 
updated with new vulnerabilities and to determine the new vulnerabilities (col. 53, line 
60-col. 54, line 40; col. 59, lines 4-34) 
As per claims 3, 16 and 30: 

McClure teaches all the subject matter as discussed above. In addition, McClure 
further discloses a system comprising: 
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an agent running on the host/device, (figure 1 , item 102) said agent comprising: a 
first data structure to store the status of interfaces on the host/device and the ports on 
the interfaces on the host/device, an executable agent module coupled to the first data 
structure and operable to track the status of interfaces and ports on the interfaces of the 
host/device to collect and store the information, as entries in the first data structure, said 
executable agent module coupled to the first data structure to compare the entries to 
determine a change in the status of interfaces and/or of ports on the interfaces of the 
host/device, said executable agent module to communicate said changes to a remotely 
located destination server on the network, (figure 3, col. 13, line 10-col. 15, line 40) and 

a destination server running remotely, (figure 1, item 100) said destination server 
comprising: a second data structure for storing the status of interfaces/ports on the 
host/device, an executable server module coupled to the second data structure to 
receive information communicated by the executable module on the host/device, said 
executable server module coupled to the second data structure to store the received 
information as entries in the second data structure wherein the entries indicate the state 
of each of the ports on each of the active interfaces of the host/device as received, said 
executable server module coupled to the second data structure to compare the entries 
to determine any change in the status of interfaces and ports on the interfaces of the 
host/device as reported to it, (figure 3, col. 6, line 59-col. 8, line 7; col. 13, line 10-col. 
15, line 40) said executable server module coupled to the second data structure to 
process the changes to determine any new interfaces active and/or any newly opened 
ports on any of the active interfaces on the host/device on which services are listening 
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as reported to it, (figure 3, col. 8, line 59-col. 9, line 40; col. 13, line 10-col. 15, line 40) 
said executable server module coupled to the second data structure to run tests 
remotely to identify the network services running on the newly opened ports on the 
various active interfaces of the host/device, said executable server module coupled to 
the second data structure to run vulnerability assessment tests on the identified network 
services on the newly opened ports of the interfaces and storing the results, (figure 3, 
col. 10, lines 15-col. 11, line 57; col. 13, line 10-col. 15, line 40) and said executable 
server module coupled to the second data structure to obtain an incremental or an 
overall vulnerability status report of the host/device from the results of the current 
vulnerability tests, and previously stored results, (col. 10, lines 15-col. 11, line 57; col. 
50, lines 1 1-35; col. 53, line 60-col. 54, line 40; col. 59, lines 4-34) 
As per claim 4: 

McClure teaches all the subject matter as discussed above. In addition, McClure 
further discloses a system comprising: an executable server module coupled to the 
second data structure to receive and update the vulnerability database in the 
vulnerability assessment server used by the server to do vulnerability tests, whenever 
new vulnerabilities are discovered publicly or elsewhere, and an executable server 
module coupled to the second data structure to test the host/device for the new 
vulnerabilities whenever the vulnerability database is updated with new vulnerabilities, 
and obtain results, (col. 53, line 60-col. 54, line 40; col. 59, lines 4-34) 



Conclusion 
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12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See Form PTO-892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. * ja 



Shewaye Gelagay 




